Add CVE-2022-24830 for GHSA-9rrv-prff-qph7

2025-07-30 18:04:30 +00:00 · 2022-05-13 23:36:02 +00:00 · 2022-05-13 23:36:02 +00:00 · 383bed2b8b
commit 383bed2b8b
parent 2d86ec250d
1 changed files with 76 additions and 6 deletions
--- a/2022/24xxx/CVE-2022-24830.json
+++ b/2022/24xxx/CVE-2022-24830.json
@ -1,18 +1,88 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2022-24830",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Path Traversal in OpenClinica"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "OpenClinica",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "< 3.16"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "OpenClinica"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "OpenClinica is an open source software for Electronic Data Capture (EDC) and Clinical Data Management (CDM). OpenClinica prior to version 3.16 is vulnerable to path traversal in multiple endpoints, leading to arbitrary file read/write, and potential remote code execution. There are no known workarounds. This issue has been patched and users are recommended to upgrade. "
            }
        ]
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "LOW",
+            "attackVector": "NETWORK",
+            "availabilityImpact": "NONE",
+            "baseScore": 6.5,
+            "baseSeverity": "MEDIUM",
+            "confidentialityImpact": "HIGH",
+            "integrityImpact": "NONE",
+            "privilegesRequired": "LOW",
+            "scope": "UNCHANGED",
+            "userInteraction": "NONE",
+            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "https://github.com/OpenClinica/OpenClinica/security/advisories/GHSA-9rrv-prff-qph7",
+                "refsource": "CONFIRM",
+                "url": "https://github.com/OpenClinica/OpenClinica/security/advisories/GHSA-9rrv-prff-qph7"
+            },
+            {
+                "name": "https://github.com/OpenClinica/OpenClinica/commit/6f864e86543f903bd20d6f9fc7056115106441f3",
+                "refsource": "MISC",
+                "url": "https://github.com/OpenClinica/OpenClinica/commit/6f864e86543f903bd20d6f9fc7056115106441f3"
+            }
+        ]
+    },
+    "source": {
+        "advisory": "GHSA-9rrv-prff-qph7",
+        "discovery": "UNKNOWN"
    }
 }